The overall flow has two parts: first the configurers are collected in a Map, and then every configurer in that map is applied to the HttpSecurity object.
The map lives in the AbstractConfiguredSecurityBuilder class:

```java
private final LinkedHashMap<Class<? extends SecurityConfigurer<O, B>>, List<SecurityConfigurer<O, B>>> configurers;
```

Configurers are added in two groups, both by way of WebSecurityConfigurerAdapter's init method:

```java
public void init(WebSecurity web) throws Exception {
    HttpSecurity http = this.getHttp();
    web.addSecurityFilterChainBuilder(http).postBuildAction(() -> {
        FilterSecurityInterceptor securityInterceptor =
                (FilterSecurityInterceptor) http.getSharedObject(FilterSecurityInterceptor.class);
        web.securityInterceptor(securityInterceptor);
    });
}
```

The init method calls the protected final HttpSecurity getHttp() throws Exception method:

```java
protected final HttpSecurity getHttp() throws Exception {
    if (this.http != null) {
        return this.http;
    } else {
        AuthenticationEventPublisher eventPublisher = this.getAuthenticationEventPublisher();
        this.localConfigureAuthenticationBldr.authenticationEventPublisher(eventPublisher);
        AuthenticationManager authenticationManager = this.authenticationManager();
        this.authenticationBuilder.parentAuthenticationManager(authenticationManager);
        Map<Class<?>, Object> sharedObjects = this.createSharedObjects();
        this.http = new HttpSecurity(this.objectPostProcessor, this.authenticationBuilder, sharedObjects);
        if (!this.disableDefaults) {
            // Add the first group of configurers
            this.applyDefaultConfiguration(this.http);
            ClassLoader classLoader = this.context.getClassLoader();
            List<AbstractHttpConfigurer> defaultHttpConfigurers =
                    SpringFactoriesLoader.loadFactories(AbstractHttpConfigurer.class, classLoader);
            Iterator var6 = defaultHttpConfigurers.iterator();
            while (var6.hasNext()) {
                AbstractHttpConfigurer configurer = (AbstractHttpConfigurer) var6.next();
                this.http.apply(configurer);
            }
        }
        // This call invokes this class's configure method, which goes on adding configurers
        this.configure(this.http);
        return this.http;
    }
}
```

That method runs this.applyDefaultConfiguration(this.http), whose code is:

```java
private void applyDefaultConfiguration(HttpSecurity http) throws Exception {
    http.csrf();
    http.addFilter(new WebAsyncManagerIntegrationFilter());
    http.exceptionHandling();
    http.headers();
    http.sessionManagement();
    http.securityContext();
    http.requestCache();
    http.anonymous();
    http.servletApi();
    http.apply(new DefaultLoginPageConfigurer());
    http.logout();
}
```

The other group consists of the configurers added by WebSecurityConfigurerAdapter's configure method:

```java
protected void configure(HttpSecurity http) throws Exception {
    this.logger.debug("Using default configure(HttpSecurity). If subclassed this will potentially override subclass configure(HttpSecurity).");
    http.authorizeRequests((requests) -> {
        ((AuthorizedUrl) requests.anyRequest()).authenticated();
    });
    http.formLogin();
    http.httpBasic();
}
```

At this point configurers is fully populated.
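AbstractConfiguredSecurityBuilder's private void configure() throws Exception method iterates over the configurers populated earlier and applies each one to the HttpSecurity object, which is the step that adds the filters:

```java
private void configure() throws Exception {
    Collection<SecurityConfigurer<O, B>> configurers = this.getConfigurers();
    Iterator var2 = configurers.iterator();
    while (var2.hasNext()) {
        SecurityConfigurer<O, B> configurer = (SecurityConfigurer) var2.next();
        // Each configurer contributes its filter(s) to the builder
        configurer.configure(this);
    }
}
```

Once the loop body has finished executing, the HttpSecurity object contains 15 filters. The analysis above was done with Spring Security 5. Spring Security 6 replaces FilterSecurityInterceptor with AuthorizationFilter.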
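The collect-then-apply flow described above, as an added plain-JDK model that is not Spring Security's code or code from the original post. It goes one step beyond the text by showing why a default such as CSRF protection can still be dropped in the application's configure(HttpSecurity): in Spring Security, disable() removes the configurer from the map before the build phase runs. All class and method names here (ConfigurerFlowDemo, Builder, Csrf, Logout, FormLogin) are hypothetical stand-ins.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;

// Simplified model with hypothetical names; not Spring Security's own classes.
public class ConfigurerFlowDemo {
    interface Configurer { void configure(Builder b); }

    static class Builder {
        // Same shape as the configurers field: insertion-ordered, keyed by configurer class.
        private final LinkedHashMap<Class<? extends Configurer>, List<Configurer>> configurers =
                new LinkedHashMap<>();
        private final List<String> filters = new ArrayList<>();

        // Phase 1: registering a configurer only records it; no filter exists yet.
        Builder apply(Configurer c) {
            configurers.computeIfAbsent(c.getClass(), k -> new ArrayList<>()).add(c);
            return this;
        }

        // Models disable(): the configurer is dropped from the map before the build phase.
        Builder remove(Class<? extends Configurer> type) {
            configurers.remove(type);
            return this;
        }

        // Phase 2: walk the map and let each remaining configurer contribute its filter.
        List<String> build() {
            configurers.values().forEach(group -> group.forEach(c -> c.configure(this)));
            return filters;
        }
    }

    static class Csrf implements Configurer { public void configure(Builder b) { b.filters.add("CsrfFilter"); } }
    static class Logout implements Configurer { public void configure(Builder b) { b.filters.add("LogoutFilter"); } }
    static class FormLogin implements Configurer { public void configure(Builder b) { b.filters.add("UsernamePasswordAuthenticationFilter"); } }

    public static void main(String[] args) {
        Builder http = new Builder();
        http.apply(new Csrf()).apply(new Logout());      // first group: the defaults
        http.apply(new FormLogin()).remove(Csrf.class);  // second group: the application's configure
        System.out.println(http.build());                // filters contributed at build time
    }
}
```

When reviewing a real configuration, the resulting filter list is the thing to check, since a removal made in the second group silently overrides what the defaults registered in the first.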